Ransomware is a huge global threat to businesses around the world. You’ve heard about the high-profile attacks: Colonial Pipeline, JBS, Garmin, Acer.
But many people now know a colleague whose business was attacked. It’s more prevalent than you might think.
That’s because the majority of corporate targets are small and medium businesses. 72% of targeted businesses have fewer than 1,000 employees, and 37% have fewer than 100. These aren’t large corporations with the resources to plan for this vector of attack. These are small businesses that have one or two IT administrators on staff or even no in-house IT.
Businesses are projected to pay out $20B in 2021, a 100% Y-o-Y increase for the last four years, and it’s only going to get worse with new business models like RaaS: ransomware-as-a-service.
The problem for companies is that their storage is always connected with full access for admins. When ransomware gets the administrative credentials, it has full access too. There is no policy to say that no one, not even the administrator, can change this file for a set amount of time.
Ransomware attacks are increasingly sophisticated, having the capability of watching for cloud account credentials, deleting backups and cloud storage, then encrypting everything and demanding a ransom. It’s imperative to build defenses against these escalating attacks. SMBs and large businesses need a backup target that allows them to lock backups for a designated time period.
Cloud Object Lock does just that. Because cloud storage providers like Amazon S3 control the API, they can add features like Object Lock, also referred to as Write-Once-Read-Many (WORM) storage or immutable storage. This lock is a retention policy for a specific version of a file that is locked from changes from every user, including the administrator. You can think of this as a virtual air-gap in the cloud because there is no way, barring to close the account, to delete that file before the retention date is passed.
Retrospect Backup uses Object Lock to create Immutable Backups. These backups are locked for a specific amount of time. Users can set a retention period for backups stored on supporting cloud platforms. Within this immutable retention period, backups cannot be deleted by any user, even if ransomware or a malicious actor acquires the root credentials.
Retrospect Backup’s ransomware protection is certified with Amazon S3, Microsoft Azure Blob Storage, Google Cloud Storage, Wasabi, Backblaze B2, and MinIO.